Willam
Rookie

How to move root certificate authority from Windows Server 2003 to Windows Server 2008


With the launch of Windows Server 2008, Microsoft has provided a number of augmentations and improvements, so I want to move the root certificate authority from Windows Server 2003 to Windows Server 2008. Do I need to move the private key related to the root certificate authority and also the CA database? How can I conserve the CA name in the environment while moving a certificate authority?
6 months ago
Shyam Raj | Jan 16 2012

Moving the root certificate authority from Windows Server 2003 to Windows Server 2008 is a long but easy process. Please follow these steps.

  • Open Certification Authority snap-in, right click on the CA name, click on All Tasks, and click Back up CA. This will start the Certification Authority Backup Wizard.
  • Click on Next, click Private key and CA certificate.
  • Click Certificate database and certificate database log.
  • Create a new folder to use as backup location.
  • Now click on Next. If the specified backup folder is not found, the Certification Authority Backup Wizard will create it.
  • Enter a password for the CA private key backup file.
  • Click Next, check backup settings and click Finish.

Now to save registry settings:

  • Go to Start, click Run and enter "regedit" and say OK.
  • Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration, right click and say Export.
  • Save it in the CA Backup folder defined above.

Now go to Control Panel, Add/Remove Programs, Windows Components, and uncheck Certificate Authority. Now your old computer can be removed from the network.

To deploy Certificate Services on the new computer, follow these steps:

  • Open Service Manager and click Roles under the console tree.
  • Click Add Roles from the Action menu.
  • Click Next in the Before you Begin wizard.
  • Check the box that says Active Directory Certificate Services and say Next twice.
  • Select Certification Authority and click Next.
  • Select Enterprise and click Next.
  • Specify the Root and click Next.
  • On the Set Up Private Key page, select Use Existing Private Key and choose Select a certificate and use its associated private key.
  • Click Next and click Import to import the .pfx file that we exported previously.
  • Click Browse and locate the previously saved file.
  • Enter the password that you entered previously and click OK.
  • Select the imported certificate and click Next.
  • Choose a path and complete the installation.

Now restore the registry by locating the registry value we saved earlier, right click the file and select Merge.


The last step is to restore the database:

  • Open Server Manager.
  • Expand the Roles tab and then expand Active Directory Certificate Services.
  • Find the name of the CA that we just deployed.
  • Right click on the CA name and say Restore CA.
  • Say OK when you get a warning.
  • Once the wizard appears, click Next.
  • Check the "Certificate Database" and "Certificate Database Log" items.
  • Click Browse and locate the database that was copied earlier and click Next and then click Finish.
  • Click Yes when it asks you to restart AD CS.


Hope that helped.

Thanks.
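
The backup, registry export and database restore steps in the answer above can also be done from a command prompt with certutil and reg. This is an added example, not part of the original answer; the folder C:\CABackup, the script name and the saved file names are assumptions.

```batch
@echo off
rem Added example: command-line form of the backup and restore steps.
rem Hypothetical names: C:\CABackup, camove.cmd, CertSvcConfig.reg, ca-name.txt.
rem   camove.cmd backup    run on the Windows Server 2003 CA
rem   camove.cmd restore   run on the Windows Server 2008 CA, after the role
rem                        was installed with the existing private key
setlocal
set BACKUP=C:\CABackup
set REGKEY=HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration

if /i "%~1"=="backup" goto backup
if /i "%~1"=="restore" goto restore
echo Usage: %~nx0 backup ^| restore
exit /b 1

:backup
if not exist "%BACKUP%" mkdir "%BACKUP%"
rem Backs up the private key and CA certificate (.p12) plus the database
rem and logs. With no -p option certutil prompts for the password, so it
rem does not end up in the command line or in a script file.
certutil -backup "%BACKUP%" || exit /b 1
reg export "%REGKEY%" "%BACKUP%\CertSvcConfig.reg" || exit /b 1
rem Record the CA name as reported by the running service.
certutil -CAInfo name > "%BACKUP%\ca-name.txt"
echo Backup written to %BACKUP%. The folder holds the CA private key:
echo restrict its ACL and delete the copies once the move is verified.
exit /b 0

:restore
rem The exported registry file carries the old server's settings; review
rem host name and path values in it before merging if they changed.
net stop certsvc
reg import "%BACKUP%\CertSvcConfig.reg" || exit /b 1
certutil -f -restoreDB "%BACKUP%" || exit /b 1
net start certsvc || exit /b 1
rem Check that the service answers and that the CA name was conserved.
certutil -ping || exit /b 1
certutil -CAInfo name > "%TEMP%\ca-name-new.txt"
fc "%BACKUP%\ca-name.txt" "%TEMP%\ca-name-new.txt" > nul
if errorlevel 1 (
  echo CA name differs from the source server. Stop and investigate.
  exit /b 1
)
echo CA name matches the source server.
exit /b 0
```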

© 2012, Instamedia. Some rights reserved.